<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
	<title>安装 - 网络安全大百科 - 配套靶场</title>
	<meta name="renderer" content="webkit">
	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
	<meta name="viewport"
		  content="width=device-width,user-scalable=yes, minimum-scale=0.4, initial-scale=0.8,target-densitydpi=low-dpi"/>
	<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/>
	<link rel="stylesheet" href="./statics/xadmin/css/font.css">
	<link rel="stylesheet" href="./statics/xadmin/css/xadmin.css">
</head>
<body>
<div class="x-body layui-anim layui-anim-up">
	<blockquote class="layui-elem-quote">安装 - 欢迎来到网络安全大百科 - 配套靶场</blockquote>
	<?php
		define( 'YAR_WEB_PAGE_TO_ROOT', '' );
		require_once YAR_WEB_PAGE_TO_ROOT . 'include/common.php';
		$message = messagesPopAllToHtml();
		if($message != ""){
			echo "<blockquote class='layui-elem-quote'>". $message ."</blockquote>";
		}
	?>

	<fieldset class="layui-elem-field">
		<legend>当前环境状态</legend>
		<div class="layui-field-box">
			<?php
			if( isset( $_POST[ 'create_db' ] ) ) {
				// Anti-CSRF
				if (array_key_exists ("session_token", $_SESSION)) {
					$session_token = $_SESSION[ 'session_token' ];
				} else {
					$session_token = "";
				}

				checkToken( $_REQUEST[ 'user_token' ], $session_token, 'setup.php' );

				if( $DBMS == 'MySQL' ) {
					include_once YAR_WEB_PAGE_TO_ROOT . 'include/mysql.php';
				}else {
					yarMessagePush( 'ERROR: Invalid database selected. Please review the config file syntax.' );
					yarPageReload();
				}
			}
			// Anti-CSRF
			generateSessionToken();

			echo "<form action=\"#\" method=\"post\">
				<button name=\"create_db\" type=\"submit \" class=\"layui-btn\">创建/重置 数据库</button>
				" . tokenField() . "</form>";

			// Setup Functions --
			$PHPUploadPath = realpath(getcwd() . DIRECTORY_SEPARATOR . YAR_WEB_PAGE_TO_ROOT . "hackable" . DIRECTORY_SEPARATOR . "uploads") . DIRECTORY_SEPARATOR;

			$phpDisplayErrors = '<em>' . (ini_get('display_errors') ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>');                                                  // Verbose error messages (e.g. full path disclosure)
			$phpSafeMode = '<span class="' . (ini_get('safe_mode') ? 'failure">Enabled' : 'success">Disabled') . '</span>';                                                   // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
			$phpMagicQuotes = '<span class="' . (ini_get('magic_quotes_gpc') ? 'failure">Enabled' : 'success">Disabled') . '</span>';                                     // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
			$phpURLInclude = '<span class="' . (ini_get('allow_url_include') ? 'success">Enabled' : 'failure">Disabled') . '</span>';                                   // RFI
			$phpURLFopen = '<span class="' . (ini_get('allow_url_fopen') ? 'success">Enabled' : 'failure">Disabled') . '</span>';                                       // RFI
			$phpGD = '<span class="' . ((extension_loaded('gd') && function_exists('gd_info')) ? 'success">Installed' : 'failure">Missing - Only an issue if you want to play with captchas') . '</span>';                    // File Upload
			$phpMySQL = '<span class="' . ((extension_loaded('mysqli') && function_exists('mysqli_query')) ? 'success">Installed' : 'failure">Missing') . '</span>';                // Core YAR
			$phpPDO = '<span class="' . (extension_loaded('pdo_mysql') ? 'success">Installed' : 'failure">Missing') . '</span>';                // SQLi
			$YARRecaptcha = 'reCAPTCHA key: <span class="' . ((isset($_YAR['recaptcha_public_key']) && $_YAR['recaptcha_public_key'] != '') ? 'success">' . $_YAR['recaptcha_public_key'] : 'failure">Missing') . '</span>';

			$YARUploadsWrite = '[User: ' . get_current_user() . '] 可写文件夹 ' . $PHPUploadPath . ': <span class="' . (is_writable($PHPUploadPath) ? 'success">Yes' : 'failure">No') . '</span>';                                     // File Upload

			$YAROS =  (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? 'Windows' : '*nix') . '</em>';
			$SERVER_NAME = 'Web Server SERVER_NAME: <em>' . $_SERVER['SERVER_NAME'] . '</em>';                                                                                                          // CSRF

			$MYSQL_USER = '<em>' . $_YAR['db_user'] . '</em>';
			$MYSQL_PASS = '<em>' . (($_YAR['db_password'] != "") ? '******' : '*blank*') . '</em>';
			$MYSQL_DB = '<em>' . $_YAR['db_database'] . '</em>';
			$MYSQL_SERVER = '<em>' . $_YAR['db_server'] . '</em>';
			// -- END (Setup Functions)

			?>
			<br />
			<table class="layui-table">
			<tr><th width="30%">键</th><th>值</th></tr>

			<?php
			$currentStatus = "
							<tr><td>操作系统版本</td><td>{$YAROS}</td></tr>
							<tr><td>数据库类型</td><td>{$DBMS}</td></tr>
							<tr><td>PHP版本</td><td>".phpversion()."</td></tr>
							<tr><td>服务器名称</td><td>{$SERVER_NAME}</td></tr>
							<tr><td>PHP 函数 display_errors</td><td>{$phpDisplayErrors}</td></tr>
							<tr><td>PHP 函数 safe_mode</td><td>{$phpSafeMode}</td></tr>
							<tr><td>PHP 函数 allow_url_include</td><td>{$phpURLInclude}</td></tr>
							<tr><td>PHP 函数 allow_url_fopen</td><td>{$phpURLFopen}</td></tr>
							<tr><td>PHP 函数 magic_quotes_gpc</td><td>{$phpMagicQuotes}</td></tr>
							<tr><td>PHP 模块 gd</td><td>{$phpGD}</td></tr>
							<tr><td>PHP 模块 mysql</td><td>{$phpMySQL}</td></tr>
							<tr><td>PHP 模块 pdo_mysql</td><td>{$phpPDO}</td></tr>
							<tr><td>MySQL 用户名</td><td>{$MYSQL_USER}</td></tr>
							<tr><td>MySQL 密码</td><td>{$MYSQL_PASS}</td></tr>
							<tr><td>MySQL 数据库名</td><td>{$MYSQL_DB}</td></tr>
							<tr><td>MySQL 主机</td><td>{$MYSQL_SERVER}</td></tr>
							<tr><td colspan='2'>{$YARUploadsWrite}</td></tr>
							";
			echo $currentStatus;
			?>
			</table>
		</div>
	</fieldset>

	<blockquote class="layui-elem-quote layui-quote-nm">
		建议红色选项进行更改，均为绿色为最佳实践方式。
	</blockquote>
</div>
</body>
</html>


